DEV: Don’t patch Sanitize::Config

Currently we’re reopening the `Sanitize::Config` class (which is part of the `sanitize` gem) to put our custom config for Onebox in it. This is unnecessary as we can simply create a dedicated module to hold our custom configuration.
2022-04-06 15:19:41 +02:00 · 2022-04-06 15:19:41 +02:00 · 46176b7dd7
parent 1203121ac1
commit 46176b7dd7
5 changed files with 22 additions and 30 deletions
--- a/lib/onebox.rb
+++ b/lib/onebox.rb
@ -20,7 +20,7 @@ module Onebox
    load_paths: [File.join(Rails.root, "lib/onebox/templates")],
    allowed_ports: [80, 443],
    allowed_schemes: ["http", "https"],
-    sanitize_config: Sanitize::Config::ONEBOX,
+    sanitize_config: SanitizeConfig::ONEBOX,
    redirect_limit: 5
  }

--- a/lib/onebox/discourse_onebox_sanitize_config.rb
+++ b/lib/onebox/discourse_onebox_sanitize_config.rb
@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-module Onebox
-  class DiscourseOneboxSanitizeConfig
-    module Config
-      DISCOURSE_ONEBOX ||=
-        Sanitize::Config.freeze_config(
-          Sanitize::Config.merge(
-            Sanitize::Config::ONEBOX,
-            attributes: Sanitize::Config.merge(
-              Sanitize::Config::ONEBOX[:attributes],
-              'aside' => [:data]
-            )
-          )
-        )
-    end
-  end
-end
--- a/lib/onebox/preview.rb
+++ b/lib/onebox/preview.rb
@ -81,7 +81,7 @@ module Onebox
    end

    def sanitize(html)
-      config = @options[:sanitize_config] || Sanitize::Config::ONEBOX
+      config = @options[:sanitize_config] || SanitizeConfig::ONEBOX
      config = config.merge(allowed_iframe_regexes: @options[:allowed_iframe_regexes])

      Sanitize.fragment(html, config)
--- a/lib/onebox/sanitize_config.rb
+++ b/lib/onebox/sanitize_config.rb
@ -1,15 +1,14 @@
 # frozen_string_literal: true

-class Sanitize
-  module Config
-
+module Onebox
+  module SanitizeConfig
    HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze

-    ONEBOX ||= freeze_config merge(RELAXED,
-      elements: RELAXED[:elements] + %w[audio details embed iframe source video svg path],
+    ONEBOX ||= Sanitize::Config.freeze_config(Sanitize::Config.merge(Sanitize::Config::RELAXED,
+      elements: Sanitize::Config::RELAXED[:elements] + %w[audio details embed iframe source video svg path],

      attributes: {
-        'a' => RELAXED[:attributes]['a'] + %w(target),
+        'a' => Sanitize::Config::RELAXED[:attributes]['a'] + %w(target),
        'audio' => %w[controls controlslist],
        'embed' => %w[height src type width],
        'iframe' => %w[allowfullscreen frameborder height scrolling src width data-original-href data-unsanitized-src],
@ -29,7 +28,7 @@ class Sanitize
        }
      },

-      transformers: (RELAXED[:transformers] || []) + [
+      transformers: (Sanitize::Config::RELAXED[:transformers] || []) + [
        lambda do |env|
          next unless env[:node_name] == 'a'
          a_tag = env[:node]
@ -65,8 +64,19 @@ class Sanitize
      },

      css: {
-        properties: RELAXED[:css][:properties] + %w[--aspect-ratio]
+        properties: Sanitize::Config::RELAXED[:css][:properties] + %w[--aspect-ratio]
      }
-    )
+    ))
+
+    DISCOURSE_ONEBOX ||=
+      Sanitize::Config.freeze_config(
+        Sanitize::Config.merge(
+          ONEBOX,
+          attributes: Sanitize::Config.merge(
+            ONEBOX[:attributes],
+            'aside' => [:data]
+          )
+        )
+      )
  end
 end
--- a/lib/oneboxer.rb
+++ b/lib/oneboxer.rb
@ -425,7 +425,7 @@ module Oneboxer

      onebox_options = {
        max_width: 695,
-        sanitize_config: Onebox::DiscourseOneboxSanitizeConfig::Config::DISCOURSE_ONEBOX,
+        sanitize_config: Onebox::SanitizeConfig::DISCOURSE_ONEBOX,
        allowed_iframe_origins: allowed_iframe_origins,
        hostname: GlobalSetting.hostname,
        facebook_app_access_token: SiteSetting.facebook_app_access_token,